Stacey Potter for Stacklok

Cloud Native Live: Automate pinning GitHub Actions and container images to their digests

GitHub Actions, like any other open source dependency, can be tampered with: a tag such as v4 is a mutable pointer that the action's maintainer (or whoever compromises the maintainer's account) can move to different code at any time. Pinning an Action to its digest, the full-length commit SHA, instead of a floating tag is what GitHub recommends: it is currently the only way to use an Action as an immutable release, so your workflow keeps running the known-good code you reviewed even if the source repo is later compromised. One caveat: the pin covers the action's own repository, not what the action fetches at run time, so a pinned action that itself pulls unpinned dependencies still needs attention. Container images work the same way: the digest (the SHA-256 of the image manifest) is a unique identifier for the content of an image. Once an image is built, its digest will always refer to that exact build, whereas a tag like latest or 1.25 can be repointed at any time.
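As an added example (not code from the post or from Stacklok's tools), here is a small checker and rewriter that does what the text describes: it flags floating "uses:" and "image:" references and rewrites them to a commit SHA or sha256 digest, keeping the original tag as a trailing comment. The two resolver functions are constructed stand-ins that derive deterministic fake digests from the reference name; a real run would replace them with "git ls-remote https://github.com/<owner>/<repo> <ref>" for actions and "crane digest <image>:<tag>" (or "docker buildx imagetools inspect") for images. The sample workflow is constructed as well.

```python
import hashlib
import re

# `uses: owner/repo[/path]@ref` with an optional trailing comment. Local actions
# (./path) and docker:// references contain no "@" and are left alone.
USES_RE = re.compile(
    r"^(?P<head>\s*-?\s*uses:\s*)(?P<action>[^@\s]+)@(?P<ref>[^\s#]+)(?P<rest>.*)$"
)
# `image: ref` lines (job/service containers, compose files, k8s manifests).
IMAGE_RE = re.compile(r"^(?P<head>\s*-?\s*image:\s*)(?P<image>[^\s#]+)(?P<rest>.*)$")

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


def is_pinned_action(ref: str) -> bool:
    """Only a full 40-hex commit SHA is immutable; tags and branches float."""
    return SHA_RE.fullmatch(ref) is not None


def split_image(ref: str):
    """Return (name, tag, digest). The tag is the last ':' after the last '/',
    so registries with ports (localhost:5000/app:1.0) parse correctly."""
    if "@" in ref:
        name, digest = ref.split("@", 1)
        return name, None, digest
    slash, colon = ref.rfind("/"), ref.rfind(":")
    if colon > slash:
        return ref[:colon], ref[colon + 1:], None
    return ref, None, None


def is_pinned_image(ref: str) -> bool:
    _, _, digest = split_image(ref)
    return digest is not None and DIGEST_RE.fullmatch(digest) is not None


def find_unpinned(text: str):
    """List (line_number, reference) for every floating action or image reference."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m and not is_pinned_action(m["ref"]):
            findings.append((n, f'{m["action"]}@{m["ref"]}'))
            continue
        m = IMAGE_RE.match(line)
        if m and not is_pinned_image(m["image"]):
            findings.append((n, m["image"]))
    return findings


def pin_workflow(text: str, resolve_action, resolve_image) -> str:
    """Rewrite floating references to digests, keeping the human-readable tag
    as a trailing comment. Already-pinned lines are left untouched, and a
    malformed digest is reported by find_unpinned rather than silently replaced."""
    out = []
    for line in text.splitlines():
        m = USES_RE.match(line)
        if m and not is_pinned_action(m["ref"]):
            sha = resolve_action(m["action"], m["ref"])
            line = f'{m["head"]}{m["action"]}@{sha} # {m["ref"]}{m["rest"]}'
        else:
            m = IMAGE_RE.match(line)
            if m:
                name, tag, digest = split_image(m["image"])
                if digest is None:
                    tag = tag or "latest"
                    line = f'{m["head"]}{name}@{resolve_image(name, tag)} # {tag}{m["rest"]}'
        out.append(line)
    return "\n".join(out) + ("\n" if text.endswith("\n") else "")


def fake_resolve_action(action: str, ref: str) -> str:
    """Constructed stand-in: a deterministic fake 40-hex SHA derived from the name.
    A real resolver would run `git ls-remote` against the action's repository."""
    return hashlib.sha1(f"{action}@{ref}".encode()).hexdigest()


def fake_resolve_image(name: str, tag: str) -> str:
    """Constructed stand-in for `crane digest name:tag`, which returns the manifest digest."""
    return "sha256:" + hashlib.sha256(f"{name}:{tag}".encode()).hexdigest()


# Constructed sample workflow: one floating image, one floating action, one pinned action
# (the all-ones SHA is a placeholder, not a real commit).
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    container:
      image: golang:1.22
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@1111111111111111111111111111111111111111 # v5 (already pinned)
      - run: go test ./...
"""

if __name__ == "__main__":
    for lineno, ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {lineno}: floating reference {ref}")
    print(pin_workflow(SAMPLE_WORKFLOW, fake_resolve_action, fake_resolve_image))
```

The checker is what you would wire into CI to fail a pull request that introduces a floating tag; the rewriter is what a pinning bot does once, after which the tag comment lets a human (or a dependency-update bot) see which version the SHA corresponds to.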

Only about 2% of public GitHub repos pin their actions to digests today, probably because doing it by hand is tedious. But there are now ways to automate it.

Join Stacklok engineers Juan Antonio "Ozz" Osario and Jakub Hrozek for this CNCF livestream as they explore free and open source tools that automate pinning container images and Actions to their digests, and demo how they work.

July 17, 2024
9am PT / 12pm ET / 16:00 UTC
